Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures
2020-01-24 10:57:25
Damien Goutte-Gattat <dgouttegattat(_at_)incenp(_dot_)org> wrote:
> What Marcus says the author *could* have done is to generate the two keys
A
> and B in such a way that they also have the same fingerprint. They have
> not
I'm not convinced that there are enough under-determined bytes that can be
mutated in the content that goes into making the fingerprint.
AFAIK, it's just the key.
I guess, maybe if the key is big enough (rsa 8K, bigger), that the bytes
could be in the prime itself. Are you saying that? If so, I wonder what the
smallest key for which this is true is.
-- ] Never tell me the odds! | ipv6 mesh networks [ ] Michael Richardson, Sandelman Software Works | IoT architect [ ] mcr(_at_)sandelman(_dot_)ca http://www.sandelman.ca/ | ruby on rails [
signature.asc
Description: PGP signature
_______________________________________________ openpgp mailing list openpgp(_at_)ietf(_dot_)org https://www.ietf.org/mailman/listinfo/openpgp
| Previous by Date: | Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures, Damien Goutte-Gattat |
|---|---|
| Next by Date: | Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures, Michael Richardson |
| Previous by Thread: | Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures, Damien Goutte-Gattat |
| Next by Thread: | Re: [openpgp] "SHA-1 is a Shambles" and forging PGP WoT signatures, Damien Goutte-Gattat |
| Indexes: | [Date] [Thread] [Top] [All Lists] |